Network Anomaly Detection: Methods, Systems and Tools

Network anomaly detection is an important and dynamic research area. Many network intrusion detection methods and systems (NIDS) have been proposed in the literature. In this paper, we provide a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can quickly become familiar with every aspect of the field. We present attacks normally encountered by network intrusion detection systems. We categorize existing network anomaly detection methods and systems based on the underlying computational techniques used. Within this framework, we briefly describe and compare a large number of network anomaly detection methods and systems. In addition, we discuss tools that can be used by network defenders and datasets that researchers in network anomaly detection can use. We also highlight research directions in network anomaly detection.
